Evaluation and prioritization of information security controls of ISO/IEC 27002:2013 for SMEs Through Fuzzy TOPSIS

Managing a large number of Information Security controls with slight impact may increase the extra effort and time in the shape of implementation and mitigation of risk. Therefore, Information Security Controls need to be prioritized. The main goals of this paper are to conduct an in-depth study of ISO/IEC...

Authors:
Tariq, Muhammad Imran
Tayyaba, Shahzadi
De-La-Hoz-Franco, Emiro
Ashraf, Muhammad Waseem
Rad, Dana
Butt, Shariq Aziz
Santarcangelo, Vito
Resource type:
Part of book
Publication date:
2021
Institution:
Corporación Universidad de la Costa
Repository:
REDICUC - Repositorio CUC
Language:
eng
OAI Identifier:
oai:repositorio.cuc.edu.co:11323/9345
Online access:
https://hdl.handle.net/11323/9345
https://doi.org/10.1007/978-981-16-5036-9_27
https://repositorio.cuc.edu.co/
Keywords:
Fuzzy logic
Information security
Information security controls
ISO/IEC 27002:2013
TOPSIS
Rights
openAccess
License
Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
description Managing a large number of Information Security controls with slight impact may increase the extra effort and time in the shape of implementation and mitigation of risk. Therefore, Information Security Controls need to be prioritized. The main goals of this paper are to conduct an in-depth study of ISO/IEC 27002:2013, which consists of 114 information security controls with 35 security domains, and to rank/prioritize these controls. In this study, a questionnaire was designed and distributed among Information Security Experts having experience of Information Security deployment in Small and Medium Enterprises (SMEs). The study initially studied different methodologies for prioritization of Information Security Controls and developed criteria including effectiveness, implementation time, mitigation time, risk and budgetary constraints to evaluate ISO/IEC 27002:2013 controls. The study applies the fuzzy Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to evaluate and rank the information security controls. A fuzzy TOPSIS methodology comprising linguistic data is used to get unclear conditions and, therefore, fuzzy TOPSIS is used as a tool to allow a more precise calculation of inaccurate parameters than old-style methods. We contend that evaluating ISO/IEC 27002:2013 using fuzzy TOPSIS leads to a highly accurate assessment and, therefore, supports an effective selection/ranking/prioritization of information security controls in SMEs.
publishDate 2021
dc.date.issued.none.fl_str_mv 2021-11-26
dc.date.accessioned.none.fl_str_mv 2022-07-07T13:58:31Z
dc.date.available.none.fl_str_mv 2022-07-07T13:58:31Z
dc.type.spa.fl_str_mv Capítulo - Parte de Libro
dc.type.coarversion.fl_str_mv http://purl.org/coar/version/c_b1a7d7d4d402bcce
dc.type.coar.spa.fl_str_mv http://purl.org/coar/resource_type/c_3248
dc.type.content.spa.fl_str_mv Text
dc.type.driver.spa.fl_str_mv info:eu-repo/semantics/bookPart
dc.type.redcol.spa.fl_str_mv http://purl.org/redcol/resource_type/CAP_LIB
format http://purl.org/coar/resource_type/c_3248
dc.identifier.citation.spa.fl_str_mv Tariq, M.I. et al. (2022). Evaluation and Prioritization of Information Security Controls of ISO/IEC 27002:2013 for SMEs Through Fuzzy TOPSIS. In: Pan, JS., Balas, V.E., Chen, CM. (eds) Advances in Intelligent Data Analysis and Applications. Smart Innovation, Systems and Technologies, vol 253. Springer, Singapore. https://doi.org/10.1007/978-981-16-5036-9_27
dc.identifier.isbn.spa.fl_str_mv 978-981-16-5035-2
dc.identifier.uri.spa.fl_str_mv https://hdl.handle.net/11323/9345
dc.identifier.url.spa.fl_str_mv https://doi.org/10.1007/978-981-16-5036-9_27
dc.identifier.doi.spa.fl_str_mv 10.1007/978-981-16-5036-9_27
dc.identifier.instname.spa.fl_str_mv Corporación Universidad de la Costa
dc.identifier.reponame.spa.fl_str_mv REDICUC - Repositorio CUC
dc.identifier.repourl.spa.fl_str_mv https://repositorio.cuc.edu.co/
dc.identifier.eisbn.spa.fl_str_mv 978-981-16-5036-9
dc.language.iso.none.fl_str_mv eng
language eng
dc.relation.ispartofseries.spa.fl_str_mv Advances in Intelligent Data Analysis and Applications;
dc.relation.ispartofbook.spa.fl_str_mv Smart Innovation, Systems and Technologies
dc.relation.citationendpage.spa.fl_str_mv 289
dc.relation.citationstartpage.spa.fl_str_mv 271
dc.rights.spa.fl_str_mv Atribución-NoComercial-CompartirIgual 4.0 Internacional (CC BY-NC-SA 4.0)
© 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
dc.rights.uri.spa.fl_str_mv https://creativecommons.org/licenses/by-nc-sa/4.0/
dc.rights.accessrights.spa.fl_str_mv info:eu-repo/semantics/openAccess
dc.rights.coar.spa.fl_str_mv http://purl.org/coar/access_right/c_abf2
eu_rights_str_mv openAccess
dc.format.extent.spa.fl_str_mv 1 página
dc.format.mimetype.spa.fl_str_mv application/pdf
dc.publisher.spa.fl_str_mv Springer Science and Business Media Deutschland GmbH
dc.publisher.place.spa.fl_str_mv Germany
institution Corporación Universidad de la Costa
dc.source.url.spa.fl_str_mv https://link.springer.com/chapter/10.1007/978-981-16-5036-9_27
bitstream.url.fl_str_mv https://repositorio.cuc.edu.co/bitstream/11323/9345/1/Evaluation%20and%20prioritization%20of%20information%20security%20controls%20of.pdf
https://repositorio.cuc.edu.co/bitstream/11323/9345/2/license.txt
https://repositorio.cuc.edu.co/bitstream/11323/9345/3/Evaluation%20and%20prioritization%20of%20information%20security%20controls%20of.pdf.txt
https://repositorio.cuc.edu.co/bitstream/11323/9345/4/Evaluation%20and%20prioritization%20of%20information%20security%20controls%20of.pdf.jpg
repository.name.fl_str_mv Repositorio Universidad de La Costa
repository.mail.fl_str_mv bdigital@metabiblioteca.com